Titan Security Key
Google Titan Security Key - Two Factor Authentication (47400104011).jpg
Common manufacturersGoogle
Yubico
Design firmGoogle
IntroducedOctober 15, 2019
CostUS$30
ColorWhite

The Titan Security Key is a FIDO-compliant security token developed by Google which contains the Titan M cryptoprocessor which is also developed by Google. It was first released on October 15, 2019.[1]

Depending on the features, the key costs $25-$35,[2] but Google has provided them for free to high-risk users.[3] It is considered a more secure form of multi-factor authentication to log in to first-party and third-party services and to enroll in Google's advanced protection program. In 2021, Google removed the Bluetooth model due to concerns about its security and reliability.[2]

Vulnerabilities

The Bluetooth models initially had a security bug that allowed anyone within 30 feet to make a clone of the key.[4] The security firm NinjaLab has been able to extract the key using a side channel attack.[5] In 2019, Google has put a bug bounty up to US$1.5 million on the Titan chip.[6]

References

  1. ^ "USB-C Titan Security Keys - available tomorrow in the US". Google Online Security Blog. Retrieved 2022-02-03.
  2. ^ a b Clark, Mitchell (2021-08-09). "Google's new Titan security key lineup won't make you choose between USB-C and NFC". The Verge. Retrieved 2022-02-04.
  3. ^ Page, Carly (2021-10-08). "Google to give security keys to 'high risk' users targeted by government hackers". TechCrunch. Retrieved 2021-10-09.
  4. ^ Khalid, Amrita (2019-05-15). "Google recalls some Titan security keys after finding Bluetooth vulnerability". Engadget. Retrieved 2022-02-03.
  5. ^ Goodin, Dan (2021-01-08). "Hackers can clone Google Titan 2FA keys using a side channel in NXP chips". Ars Technica. Retrieved 2021-10-09.
  6. ^ Porter, Jon (2019-11-21). "Google really wants you to hack the Pixel's Titan M security chip". The Verge. Retrieved 2021-10-09.